Information Security GRC Manager

The company

Nebius AI is an AIcentric public cloud platform specifically crafted to serve AI models for training and inference.

Our mission is to help ML practitioners concentrate on their core jobs while DevOps MLOps and infrastructurerelated tasks are handled by us. The idea is to build an MLspecific cloud platform covering the entire ML lifecycle from A to Z: from data preparation and labeling to ML training and inference.

We recognize the potential of ML and AI technologies and aim to provide our future users with the perfect environment to train and finetune their models. We are committed to delivering the best user experience and excellent customer support.

Four development hubs:
Nebius is headquartered in the Netherlands with hubs in Finland Serbia and Israel.

Data center in Europe:
Our own data center in Finland features server racks designed inhouse for MLspecific high load with powerefficient solutions including a freecooling system.

500 professionals:
Our mature team of engineers has a proven track record in developing sophisticated cloud and ML solutions and designing cuttingedge hardware.

The role

Were looking for an InformationSecurity GRC Managerto be a part of the team responsible for establishing Information Security governance and risk management compliant with applicable laws regulations and industry best practices in modern AI Cloud technology environment.

Youre welcome to work in our office in Belgrade hybrid.

In this position your responsibility will be to:

• Establish and maintain governance structures policies internal regulations and procedures
• Collaborate with crossfunctional teams to align Security GRC strategies with business objectives
• Ensure compliance with relevant laws regulations and industry standards
• Create and update policies related to information security and compliance
• Conduct training sessions for employees on Security GRC procedures and best practices
• Identify assess and prioritize risks across the organization
• Develop and implement risk mitigation strategies
• Monitor risk exposure and recommend adjustments as needed
• Coordinate internal and external audits
• Address audit findings and implement corrective actions
• Regularly assess the effectiveness of Security GRC strategies
• Evaluate thirdparty vendors for compliance and risk
• Establish vendor risk assessment processes
• Monitor vendor performance and adherence to contractual obligations

We expect you to have:

• 5 years in cybersecurity: security architecture processes GRC
• Deep understanding and ability to manage compliance with multiple standards of security frameworks: ISO 27k SOC 2 PCI DSS CSA STAR etc.
• Experience building security processes from scratch or managing major process changes
• Understanding of the shared responsibility model and cloud specifics experience with cloudnative security solutions
• Demonstrated ability to collaborate with crossfunctional teams to deliver results in a fastpaced environment
• Understanding of Infrastructure as Code Microservices architecture and DevSecOps practices
• Excellent communication skills with the ability to effectively articulate technical concepts and product value propositions to both technical and nontechnical stakeholders
• Full professional proficiency in English

It would be an added bonus if you had:

• International security certifications (CISSP CISM etc) and experience in consulting and auditing

Does all that sound like your kind of challenge Then join us!